Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/28/2019
12:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Bots Plague Ticketing Industry

Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.

While bad bots are a problem across many industries, the ticketing industry has experienced a dramatic increase in such traffic over the past couple of years. And much of that bad traffic occurs in our own backyard, with 85% of bad bots launched against ticketing companies originating in North America, according to a report released today by Distil Networks.

The report, "How Bots Affect Ticketing," also found the proportion of bad bots among ticketing companies has risen to 39.9% of all ticketing traffic. That's a notable increase from the 22.9% found in previous reports, and even that number was considered worse than the average for all industries.

Edward Roberts, director of product marketing at Distil Networks, says the number increased because of the greater number of ticketing companies included in this year's study, as well as the increase in volume of traffic analyzed.

"The sophistication of the bots and the ability of the organizations that propagate the bots to monetize them and survive as a business has also increased," Roberts says. "Whether it's brokers, scalpers, hospitality agencies, corporations, or criminals, they can lock down tickets, buy them at a cheaper price, and sell them at a premium on a secondary market."

Christopher Rodriguez, a research manager for cybersecurity products at IDC, says he has observed this kind of activity in many other industries, including retail, travel and hospitality, and financial services.

"That's why companies are looking at bot mitigation products such as from Distil, Akamai, PerimeterX, ShieldSquare, and Shape Security," Rodriguez says. "These products do device fingerprinting and tracking, looking how long a user dwells on a certain page, the movement of the mouse and how quickly they type, all in an effort to determine if the user is legitimate."

Criminals at Work
Though criminal elements are a much smaller share of the bad bot ticketing market compared with brokers, scalpers, and other companies, they seek to compromise customer accounts via credential stuffing, Distil's Roberts says.

By running stolen credentials against the login pages of ticketing platforms, bots identify the accounts where access was granted. Once inside the account, any stored tickets (usually two to four tickets at a time) can be stolen or transferred to another account. And once inside an account, any stored credit card and personal information could be stolen or used to commit fraud. The bots also steal customer loyalty points, a problem that has become prevalent with season ticket holders of European soccer teams.

"Ticketing companies need to pay attention to public data breaches because any time there's a major breach, the criminal will hit the names on that list," Roberts says. "Companies also need to consider blocking the known hosting providers for bot operators."

According to the report, ticketing has long experienced the evolution of the bot problem. As the ticketing industry moved online in the 1990s, it was the first industry to suffer from malicious bot operators using automated attacks to hold and scalp tickets. Following complaints by customers and increased pressure from artists, it was also the first industry to adopt legislation as an additional tool in the war on bad bots. In 2016, the US passed the Better Online Ticket Sales (BOTS) Act, which outlawed the resale of tickets purchased using bot technology and imposed fines. The UK, Australia, and parts of Canada have enacted similar legislation.

The latest report on the ticketing industry follows a report Distil issued last year on the airline industry, in which it found that 43.9% of all traffic on airlines websites came from bad bots, Roberts says.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/7/2019 | 7:20:02 AM
Re: External Requests
For comparison, I remember when my father's company subscribed to the old Sabre system for reservations and had an ancient (by today's standards) Western Union terminal (keyboard, roll of paper) in the office.  It was totally secure not only because there were not threats back then but it was so basic.  As we have gotten more complex we have sacrificed speed and covenience for security.  There is alot to be said for DOS 6.22 in some ways.  i could build a machine and do most of my basic work sans internet and you can just TURN IT OFF without shutdown.  (Side note - remember parking the heads? )
schopj
50%
50%
schopj,
User Rank: Strategist
2/28/2019 | 1:06:57 PM
Re: External Requests
How exactly would Ticket Master restrict ticketing to only internal entities?  We're not talking about internal ticketing systems, we're talking about concert and airline ticket sales online getting hit with bots.  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/28/2019 | 12:56:18 PM
External Requests
I would imagine this is prevalent for ticketing systems that allow external entities to submit requests. If you restrict ticketing to only internal entities and trusted clients you will see a downturn in this activity.

If you are seeing bot traffic originate internally then you have bigger problems.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18610
PUBLISHED: 2019-11-22
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syste...
CVE-2019-9536
PUBLISHED: 2019-11-22
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.
CVE-2013-6811
PUBLISHED: 2019-11-22
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding...
CVE-2013-6880
PUBLISHED: 2019-11-22
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.
CVE-2019-15652
PUBLISHED: 2019-11-22
The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code.